ciao..Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.21.39, on 01/09/07
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\mamma\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.alice.it/search/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: WinInizio.it toolbar - {456e6433-cbc4-48b9-895b-07df7034555d} - C:\Programmi\WinInizio.it\tbWinI.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WinInizio.it toolbar - {456e6433-cbc4-48b9-895b-07df7034555d} - C:\Programmi\WinInizio.it\tbWinI.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: WinInizio.it toolbar - {456e6433-cbc4-48b9-895b-07df7034555d} - C:\Programmi\WinInizio.it\tbWinI.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Anti-virus web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gloomyavril.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164564909887
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1165254289718
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/download/DownloaderActiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7221 bytes
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-09-02 15:51:28
PROTECTIONS: 1
MALWARE: 36
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Kaspersky Anti-Virus 6.0.2.614 No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44cf-8957-5838F569A31D}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239}
00032731 application/mywebsearch HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
00032731 application/mywebsearch HackTools No 0 Yes No hkey_classes_root\clsid\{147a976f-eee1-4377-8ea7-4716e4cdd239}
00115735 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122962.DLL
00115735 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122941.dll
00116106 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122966.DLL
00134791 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122955.DLL
00134792 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122973.DLL
00135334 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP287\A0124689.inf
00135334 Application/FunWeb HackTools No 0 Yes No C:\Documents and Settings\mamma\Documenti\backups\backup-20070831-164544-300.inf
00135334 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP272\A0122212.inf
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\mamma\Cookies\mamma@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mamma\Cookies\mamma@atdmt[1].txt
00202047 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122957.DLL
00241782 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122969.DLL
00247238 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122953.DLL
00254794 Application/FunWeb HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122964.DLL
00264405 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122990.EXE
00314351 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122967.MANIFEST
00337303 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122961.DLL
00358091 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122963.EXE
00365118 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122975.DLL
00365120 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122952.DLL
00365121 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122965.DLL
00365123 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122959.DLL
00365126 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122943.dll
00365126 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122942.dll
00365126 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122958.DLL
00365127 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122960.SCR
00365127 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122944.scr
00365133 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122991.DLL
00369714 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122979.DLL
00505702 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122976.EXE
00505935 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122956.DLL
00514395 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122940.DLL
00516286 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122954.DLL
00516287 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122968.DLL
00529152 Application/MyWebSearch HackTools No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122970.EXE
01057811 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122974.DLL
01059313 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122980.DLL
01130155 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122978.EXE
01136588 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122977.EXE
01159410 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP281\A0123089.dll
01159410 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122989.DLL
01215128 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{EE5E41CA-6E5D-4FA2-B957-3811BA80FADF}\RP278\A0122971.DLL
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================